Age | Commit message | Author |
|
into current
* 'dhcpd-permissions-T2432' of https://github.com/jjakob/vyos-1x:
dhcp-server, dhcpv6-server: T2432: chown lease file to nobody:nogroup
|
|
wireless: T2427: migrate to use common configdict and vlan functions, add common interface includes to template
|
|
openvpn: T2241: fix wrong indent caused by 66e15005
|
|
T2435: fix syntax errors
|
|
dhcp(v6)-server/relay: T2438: change systemd service type to forking, validate config files
|
|
The default of systemd services Type=simple isn't suitable for dhcrelay and
other daemons.
- change service type to forking
- add RuntimeDirectory
- set PIDFile
|
|
The default of systemd services Type=simple isn't suitable for dhcrelay and
other daemons.
- change service type to forking
- add RuntimeDirectory
- set PIDFile
|
|
The default of systemd services Type=simple isn't suitable for dhcpd and
other daemons.
- change service type to forking
- add RuntimeDirectory
- set paths to files in Environment
- set PIDFile
- validate config and lease file in ExecStartPre
- add -q to make dhcpd quiet and only log to syslog
- set Restart=always
|
|
The default of systemd services Type=simple isn't suitable for dhcpd and
other daemons.
- change service type to forking
- add RuntimeDirectory
- set paths to files in Environment
- set PIDFile
- validate config and lease file in ExecStartPre
- add -q to make dhcpd quiet and only log to syslog
- set Restart=always
|
|
Commits f37194604 and 0cbad2850 migrated isc-dhcp-server(6) from
SysVInit to SystemD, changing the user and group dhcpd is started as.
This caused a permission error when dhcpd tried to write to lease files:
    dhcpd[2829]: Can't create new lease file: Permission denied
As dhcpd is started as nobody:nogroup, setting the permissions on the
lease files to 664 root:vyattacfg would make dhcpd unable to write to
them. We can't make the files other-writable, as that would be a big
security issue, so we need to set either the owner or group of the files
to be dhcpd writable. There should be no harm in changing both to
nobody:nogroup, as they were previously root:root.
If some other VyOS code doesn't like the ownership of these files in
/config, they can be either excluded from the check (possibly moved into
their own directory), or changed back to root:vyattacfg and vyattacfg added
to nogroup.
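An added example, not part of the commit or of VyOS: a Python audit of the trade-off described above, flagging a lease file that is other-writable or that the daemon's user cannot write. The temp file and the uid/gid stand-ins for nobody:nogroup are constructed, and POSIX ACLs are ignored.

```python
import os
import stat
import tempfile


def can_write(st, uid, gids):
    """Classic owner/group/other write check against a stat result."""
    if uid == 0:
        return True                              # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_lease_file(path, daemon_uid, daemon_gids):
    """Return a list of findings for a lease file; empty means OK."""
    st = os.stat(path)
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_mode & stat.S_IWOTH:
        findings.append("other-writable")
    if not can_write(st, daemon_uid, daemon_gids):
        findings.append("daemon cannot write")
    return findings


def demo():
    """Constructed scenario: a temp file stands in for the lease file."""
    with tempfile.NamedTemporaryFile() as f:
        st = os.stat(f.name)
        # Stand-in for nobody:nogroup: an identity that does not own the file.
        other_uid, other_gids = st.st_uid + 1, {st.st_gid + 1}
        os.chmod(f.name, 0o664)      # 664 with a foreign owner and group
        before = audit_lease_file(f.name, other_uid, other_gids)
        os.chmod(f.name, 0o666)      # the rejected shortcut
        shortcut = audit_lease_file(f.name, other_uid, other_gids)
        os.chmod(f.name, 0o664)      # ownership matches the daemon identity
        after = audit_lease_file(f.name, st.st_uid, {st.st_gid})
    return before, shortcut, after


if __name__ == "__main__":
    print(demo())
```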
|
|
Other interfaces were previously migrated, but this one was forgotten,
causing a commit error:
    File "/usr/libexec/vyos/conf_mode/interfaces-wireless.py", line 621,
    in verify
    verify_vlan_config(wifi)
    File "/usr/lib/python3/dist-packages/vyos/ifconfig_vlan.py", line 155,
    in verify_vlan_config
    for vif in config['vif'].values():
    AttributeError: 'list' object has no attribute 'values'
|
|
debug: T1230: add time information to saved debug logs
|
|
http api: T2395: add waitress as production WSGI server
http api: T2395: replace bottle with flask as microframework
http api: use decorator to get command data from request
http api: catch appropriate errors
http api: function names should be consistent
|
|
New command added:
* set vpn sstp network-settings name-server 2001:db8::1111
|
|
New commands added:
* set vpn sstp network-settings client-ipv6-pool prefix 2001:db8::/64 mask 112
* set vpn sstp network-settings client-ipv6-pool delegate 2001:db8:100::/48 delegation-prefix 64
|
|
debug: T2426: remove invisible characters when printing
|
|
T2427: fix interface addressing, bugfix config library, migrate VLAN config to dicts, move VLAN adding to common function
|
|
Previously all vlan configs, which are dicts, were appended to a simple
list, with the distinguishing 'id' stored inside the dicts themselves.
This worked, but wasn't ideal.
This commit converts them to dicts, where the key is the VLAN ID and
value the config dict of that VLAN. This makes it possible to access
single VLANs by their ID (key) and we can for-loop and get both the ID
and config with: 'for vif_id, vif in conf["vif"].items():'
|
|
Commit 3fdf0093a introduced code that removed all addresses from an
interface when that interface is disabled. This is wrong, as other
configured services may be listening on these addresses and may fail to
start if their configured address isn't present.
It also caused a commit error when applying dhcp-server configuration:
    DHCP server configuration error!
    None of configured DHCP subnets does not have appropriate
    primary IP address on any broadcast interface.
This commit reverts it to prior behavior, which was to just put the
interface admin down and leave all addresses configured, other than the
IPv6 'fe80::EUI-64/64' link-local, which it deletes, as the interface
may not have a MAC if it's put down.
|
|
Since lists in python are assigned by reference, taking the return value
from these functions and modifying it will modify all other return values
of functions that called the function before and did not explicitly copy
it.
To be safe, always make a copy of lists before returning them.
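An added example, not the VyOS config library's code: a hypothetical ConfigStore class showing the aliasing described above, one way to copy on return (a shallow copy), and the case a shallow copy does not cover, where the list holds mutable items. All names and addresses are constructed.

```python
import copy


class ConfigStore:
    """Hypothetical stand-in for a config library holding parsed values."""

    def __init__(self):
        # Constructed sample data (documentation address ranges).
        self._values = {
            "address": ["192.0.2.1/24"],
            "vif": [{"id": "10", "address": ["198.51.100.1/24"]}],
        }

    def return_values_aliased(self, key):
        return self._values[key]                  # hands out the internal list

    def return_values(self, key):
        return list(self._values[key])            # shallow copy per call

    def return_values_deep(self, key):
        return copy.deepcopy(self._values[key])   # also copies nested items


def demo():
    """Mutate each getter's result and report whether the store changed."""
    results = {}

    s = ConfigStore()
    s.return_values_aliased("address").append("203.0.113.1/24")
    results["aliased_leaks"] = len(s._values["address"]) == 2

    s = ConfigStore()
    s.return_values("address").append("203.0.113.1/24")
    results["copy_leaks"] = len(s._values["address"]) == 2

    # A shallow copy still shares the dicts stored inside the list.
    s = ConfigStore()
    s.return_values("vif")[0]["address"].append("203.0.113.1/24")
    results["shallow_nested_leaks"] = len(s._values["vif"][0]["address"]) == 2

    s = ConfigStore()
    s.return_values_deep("vif")[0]["address"].append("203.0.113.1/24")
    results["deep_nested_leaks"] = len(s._values["vif"][0]["address"]) == 2
    return results


if __name__ == "__main__":
    print(demo())
```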
|
|
T2241: fix interfaces falling out of bridge
|
|
We've already verified that all member interfaces don't have any
addresses configured, so it should be safe to simply call 'ip addr flush' on
them to flush the remaining addresses (e.g. IPv6 link-local)
|
|
We've already verified that all member interfaces don't have any
addresses configured, so it should be safe to simply call 'ip addr flush' on
them to flush the remaining addresses (e.g. IPv6 link-local)
|
|
- make error output more user friendly
- replace .format with f-strings
- split into lines less than ~80 characters long
|
|
Previously, the interface was always deleted and recreated, which
removed it from the bridge.
- always re-add the interface back to any bridge it is part of
|
|
Bridge members should not have any addresses assigned.
|
|
- make error output more user friendly
- replace .format with f-strings
- split into lines less than ~80 characters long
|
|
Previously, set_vrf was always called, which uses the same master and nomaster
commands as bridge, so it removed the interface from the bridge.
- add checks to make VRF and bridge membership mutually exclusive
|
|
Bridge members should not have any addresses assigned.
|
|
|